utrace is infrastructure code for tracing and controlling user threads. This is the foundation for writing tracing engines, which can be loadable kernel modules.

The basic actors in utrace are the thread and the tracing engine. A tracing engine is some body of code that calls into the <linux/utrace.h> interfaces, represented by a struct utrace_engine_ops. (Usually it's a kernel module, though the legacy ptrace support is a tracing engine that is not in a kernel module.) The interface operates on individual threads (struct task_struct). If an engine wants to treat several threads as a group, that is up to its higher-level code.

Tracing begins by attaching an engine to a thread, using utrace_attach_task or utrace_attach_pid. If successful, it returns a pointer that is the handle used in all other calls.